[Git][security-tracker-team/security-tracker][master] LTS: mark CVE-2020-22674/gpac as not-affected for stretch
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 49bfa423 by Roberto C. Sánchez at 2021-10-22T23:37:45-04:00 LTS: mark CVE-2020-22674/gpac as not-affected for stretch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -81005,6 +81005,7 @@ CVE-2020-22675 (An issue was discovered in gpac 0.8.0. The GetGhostNum function CVE-2020-22674 (An issue was discovered in gpac 0.8.0. An invalid memory dereference e ...) - gpac 1.0.1+dfsg1-2 [buster] - gpac (Minor issue) + [stretch] - gpac (Vulnerable code introduced later, in version 0.7.0) NOTE: https://github.com/gpac/gpac/issues/1346 NOTE: https://github.com/gpac/gpac/commit/6040a5981a9f51410bd18af8820afbd2748c2d76 CVE-2020-22673 (Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49bfa423c0cd113e8655bfe6b31ff6380e6cf241 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49bfa423c0cd113e8655bfe6b31ff6380e6cf241 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
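Review bot: the new [stretch] annotation justifies not-affected with "Vulnerable code introduced later, in version 0.7.0", but the two NOTE lines only reference the upstream issue (#1346) and the fixing commit (6040a598...); adding a reference to the upstream change that introduced the vulnerable code in 0.7.0 would let a later triager verify the claim without redoing the bisection.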
[Git][security-tracker-team/security-tracker][master] LTS: CVE-2020-19751/gpac is in fact present in stretch, but it is minor
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 44303554 by Roberto C. Sánchez at 2021-10-22T22:33:29-04:00 LTS: CVE-2020-19751/gpac is in fact present in stretch, but it is minor - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -87225,7 +87225,7 @@ CVE-2020-19752 (The find_color_or_error function in gifsicle 1.92 contains a NUL CVE-2020-19751 (An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool functi ...) - gpac 1.0.1+dfsg1-2 [buster] - gpac (Minor issue) - [stretch] - gpac (Vulnerable code introduced later) + [stretch] - gpac (Minor issue) - ccextractor 0.93+ds2-1 (bug #994746) [bullseye] - ccextractor (Minor issue) [buster] - ccextractor (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4430355464f82d44d9a5c142546cbb1767a5cd89 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4430355464f82d44d9a5c142546cbb1767a5cd89 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
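Review bot: this hunk reverses an earlier not-affected claim ("Vulnerable code introduced later") to "Minor issue" for stretch, yet no NOTE records what was found; a one-line NOTE pointing at where gf_odf_del_ipmp_tool is present in the stretch source would make the reversal traceable and stop the next reviewer from flipping it back.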
[Git][security-tracker-team/security-tracker][master] LTS: claim openjdk-8 in dla-needed.txt
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: cf500f13 by Roberto C. Sánchez at 2021-10-22T19:13:17-04:00 LTS: claim openjdk-8 in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -62,7 +62,7 @@ nvidia-graphics-drivers NOTE: package is in non-free but also in packages-to-support NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077 -- -openjdk-8 +openjdk-8 (Roberto C. Sánchez) -- openssh (Utkarsh) NOTE: 20211003: a backporting error for CVE-2018-15473 was reported in View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf500f13ca04a97764dcad5989e3f4cbfc2bbd2b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf500f13ca04a97764dcad5989e3f4cbfc2bbd2b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: mark two CVEs for freerdp as no-dsa in Stretch
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 3e13f8a3 by Thorsten Alteholz at 2021-10-23T00:29:24+02:00 mark two CVEs for freerdp as no-dsa in Stretch - - - - - 4d45f454 by Thorsten Alteholz at 2021-10-23T00:33:06+02:00 add opnejdk8 - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -5029,10 +5029,12 @@ CVE-2021-41161 CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) - freerdp2 - freerdp + [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg CVE-2021-41159 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) - freerdp2 - freerdp + [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq CVE-2021-41158 RESERVED = data/dla-needed.txt = @@ -62,6 +62,8 @@ nvidia-graphics-drivers NOTE: package is in non-free but also in packages-to-support NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077 -- +openjdk-8 +-- openssh (Utkarsh) NOTE: 20211003: a backporting error for CVE-2018-15473 was reported in NOTE: 20211003: Ubuntu (and can see the same code differences here); View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9828912313f9b8c7fd5822e24bad83edc33574f2...4d45f4544c469ffc0ea3b4b1bf8c9888397683e8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9828912313f9b8c7fd5822e24bad83edc33574f2...4d45f4544c469ffc0ea3b4b1bf8c9888397683e8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
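Review bot: in the data/CVE/list hunk both CVE-2021-41160 and CVE-2021-41159 receive a "[stretch] - freerdp (Minor issue)" tag with no NOTE explaining why the GHSA-rated issues are considered minor for the stretch build; a short NOTE naming the reason (affected component, build option, or exposure) would help whoever revisits these entries.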
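Review bot: the second commit message reads "add opnejdk8" while the data/dla-needed.txt hunk adds "openjdk-8"; the commit message should use the package name as written in the hunk so that searching the log for openjdk-8 finds this change.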
[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2021-32272 as not-affected for Stretch
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 1458892d by Thorsten Alteholz at 2021-10-22T23:48:42+02:00 mark CVE-2021-32272 as not-affected for Stretch - - - - - b7b3e59f by Thorsten Alteholz at 2021-10-22T23:48:43+02:00 mark CVE-2021-32273 as not-affected for Stretch - - - - - 98289123 by Thorsten Alteholz at 2021-10-23T00:13:12+02:00 add mailman - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -26243,10 +26243,12 @@ CVE-2021-32274 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-o NOTE: https://github.com/knik0/faad2/commit/c78251b2b5d41ea840fd61ab9502b3d3036bd747 (2_10_0) CVE-2021-32273 (An issue was discovered in faad2 through 2.10.0. A stack-buffer-overfl ...) - faad2 2.10.0-1 + [stretch] - faad2 (Vulnerable code not present, introduced in 2.8.2) NOTE: https://github.com/knik0/faad2/issues/56 NOTE: https://github.com/knik0/faad2/commit/1073aeef823cafd844704389e9a497c257768e2f (2_10_0) CVE-2021-32272 (An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow ...) - faad2 2.10.0-1 + [stretch] - faad2 (Vulnerable code not present, introduced in 2.8.2) NOTE: https://github.com/knik0/faad2/issues/57 NOTE: https://github.com/knik0/faad2/commit/1b71a6ba963d131375f5e489b3b25e36f19f3f24 (2_10_0) CVE-2021-32271 (An issue was discovered in gpac through 20200801. A stack-buffer-overf ...) = data/dla-needed.txt = 
@@ -50,6 +50,8 @@ linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) -- +mailman +-- mosquitto (Anton Gladky) NOTE: 20210805: coordinating upload to buster before DLA for Stretch (codehelp) NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable code not accessible. (codehelp) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/beb2ab04d6ef3be0c69446e9e2c552433dfd9369...9828912313f9b8c7fd5822e24bad83edc33574f2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/beb2ab04d6ef3be0c69446e9e2c552433dfd9369...9828912313f9b8c7fd5822e24bad83edc33574f2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
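Review bot: the data/dla-needed.txt hunk adds a bare "mailman" entry with no NOTE, unlike the neighbouring mosquitto entry which records its coordination status; stating which CVEs the stretch update is expected to cover would make the claim actionable for whoever picks it up.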
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: beb2ab04 by security tracker role at 2021-10-22T20:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,75 @@ +CVE-2021-42847 + RESERVED +CVE-2021-42846 + RESERVED +CVE-2021-42845 + RESERVED +CVE-2021-42844 + RESERVED +CVE-2021-42843 + RESERVED +CVE-2021-42842 + RESERVED +CVE-2021-42841 + RESERVED +CVE-2021-42840 (SuiteCRM before 7.11.19 allows remote code execution via the system se ...) + TODO: check +CVE-2021-42839 + RESERVED +CVE-2021-42838 + RESERVED +CVE-2021-42837 + RESERVED +CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial of servic ...) + TODO: check +CVE-2021-42835 + RESERVED +CVE-2021-42834 + RESERVED +CVE-2021-42833 + RESERVED +CVE-2021-42832 + RESERVED +CVE-2021-42831 + RESERVED +CVE-2021-42830 + RESERVED +CVE-2021-42829 + RESERVED +CVE-2021-42828 + RESERVED +CVE-2021-42827 + RESERVED +CVE-2021-42826 + RESERVED +CVE-2021-42825 + RESERVED +CVE-2021-42824 + RESERVED +CVE-2021-42823 + RESERVED +CVE-2021-42822 + RESERVED +CVE-2021-42821 + RESERVED +CVE-2021-42820 + RESERVED +CVE-2021-42819 + RESERVED +CVE-2021-42818 + RESERVED +CVE-2021-42817 + RESERVED +CVE-2021-42816 + RESERVED +CVE-2021-42815 + RESERVED +CVE-2021-42814 + RESERVED +CVE-2021-42813 + RESERVED +CVE-2021-3896 + RESERVED CVE-2021-42812 RESERVED CVE-2021-42811 @@ -558,8 +630,8 @@ CVE-2021-42558 RESERVED CVE-2021-42557 RESERVED -CVE-2021-42556 - RESERVED +CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...) + TODO: check CVE-2021-42555 RESERVED CVE-2021-42554 
@@ -602,24 +674,24 @@ CVE-2021-42544 RESERVED CVE-2021-42543 RESERVED -CVE-2021-42542 - RESERVED +CVE-2021-42542 (The affected product is vulnerable to directory traversal due to misha ...) + TODO: check CVE-2021-42541 RESERVED -CVE-2021-42540 - RESERVED -CVE-2021-42539 - RESERVED -CVE-2021-42538 - RESERVED +CVE-2021-42540 (The affected product is vulnerable to a unsanitized extract folder for ...) + TODO: check +CVE-2021-42539 (The affected product is vulnerable to a missing permission validation ...) + TODO: check +CVE-2021-42538 (The affected product is vulnerable to a parameter injection via passph ...) + TODO: check CVE-2021-42537 RESERVED -CVE-2021-42536 - RESERVED +CVE-2021-42536 (The affected product is vulnerable to a disclosure of peer username an ...) + TODO: check CVE-2021-42535 RESERVED -CVE-2021-42534 - RESERVED +CVE-2021-42534 (The affected products web application does not properly neutral ...) + TODO: check CVE-2021-42533 RESERVED CVE-2021-42532 @@ -2620,8 +2692,8 @@ CVE-2021-42171 RESERVED CVE-2021-42170 RESERVED -CVE-2021-42169 - RESERVED +CVE-2021-42169 (The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite ...) + TODO: check CVE-2021-42168 RESERVED CVE-2021-42167 
@@ -2808,12 +2880,14 @@ CVE-2021-42099 CVE-2021-42098 (An incomplete permission check on entries in Devolutions Remote Deskto ...) NOT-FOR-US: Devolutions CVE-2021-42097 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csr ...) + {DSA-4991-1} - mailman NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1873 NOTE: https://bugs.launchpad.net/mailman/+bug/1947640 NOTE: https://mail.python.org/archives/list/mailman-annou...@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/ NOTE: https://www.openwall.com/lists/oss-security/2021/10/21/4 CVE-2021-42096 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A cer ...) + {DSA-4991-1} - mailman NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1873 NOTE: https://bugs.launchpad.net/mailman/+bug/1947639 @@ -3666,14 +3740,14 @@ CVE-2021-41749 RESERVED CVE-2021-41748 RESERVED -CVE-2021-41747 - RESERVED +CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, wh ...) + TODO: check CVE-2021-41746 RESERVED -CVE-2021-41745 - RESERVED -CVE-2021-41744 - RESERVED +CVE-2021-41745 (ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can us ...) + TODO: check +CVE-2021-41744 (All versions of yongyou PLM are affected by a command injection issue. ...) + TODO: check CVE-2021-41743 RESERVED CVE-2021-41742 @@ -4930,8 +5004,8 @@
[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-42340,tomcat9 as fixed in unstable
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 7d5223fd by Markus Koschany at 2021-10-22T22:07:58+02:00 Mark CVE-2021-42340,tomcat9 as fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2034,7 +2034,7 @@ CVE-2021-3886 CVE-2021-3885 RESERVED CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...) - - tomcat9 + - tomcat9 9.0.54-1 - tomcat8 NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/1 NOTE: https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47 (9.0.54) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d5223fd918ed59e2b0e236dc66e5463a60c1f85 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d5223fd918ed59e2b0e236dc66e5463a60c1f85 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
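Review bot: the hunk records tomcat9 as fixed in 9.0.54-1 (matching the referenced upstream commit 80f1438e tagged 9.0.54), but the "- tomcat8" line below it still carries neither a fixed version nor a suite annotation, so the tracker will keep showing tomcat8 as open everywhere; add the [buster]/[stretch] status or a NOTE on tomcat8 in the same change.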
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for mailman update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 01cd9f3c by Salvatore Bonaccorso at 2021-10-22T20:17:59+02:00 Reserve DSA number for mailman update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[22 Oct 2021] DSA-4991-1 mailman - security update + {CVE-2020-12108 CVE-2020-15011 CVE-2021-42096 CVE-2021-42097} + [buster] - mailman 1:2.1.29-1+deb10u2 [19 Oct 2021] DSA-4990-1 ffmpeg - security update {CVE-2020-20445 CVE-2020-20446 CVE-2020-20453 CVE-2020-21041 CVE-2020-22015 CVE-2020-22016 CVE-2020-22017 CVE-2020-22019 CVE-2020-22020 CVE-2020-22021 CVE-2020-22022 CVE-2020-22023 CVE-2020-22025 CVE-2020-22026 CVE-2020-22027 CVE-2020-22028 CVE-2020-22029 CVE-2020-22030 CVE-2020-22031 CVE-2020-22032 CVE-2020-22033 CVE-2020-22034 CVE-2020-22035 CVE-2020-22036 CVE-2020-22037 CVE-2020-22049 CVE-2020-22054 CVE-2020-35965 CVE-2021-38114 CVE-2021-38171 CVE-2021-38291} [buster] - ffmpeg 7:4.1.8-0+deb10u1 = data/dsa-needed.txt = @@ -33,8 +33,6 @@ linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v4.19.y versions. -- -mailman/oldstable (carnil) --- ndpi/oldstable -- nodejs (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01cd9f3c2db61b48cb2351b947558850bd788572 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01cd9f3c2db61b48cb2351b947558850bd788572 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: Process several NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a0305cae by Salvatore Bonaccorso at 2021-10-22T15:41:57+02:00 Process several NFUs - - - - - c6908392 by Salvatore Bonaccorso at 2021-10-22T15:42:50+02:00 Associate CVE-2021-1075 with cron to follow related CVEs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18118,7 +18118,7 @@ CVE-2021-35621 (Vulnerability in the MySQL Cluster product of Oracle MySQL (comp CVE-2021-35620 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2021-35619 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) - TODO: check + NOT-FOR-US: Oracle CVE-2021-35618 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2021-35617 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) @@ -18858,7 +18858,7 @@ CVE-2021-35325 (A stack overflow in the checkLoginUser function of TOTOLINK A720 CVE-2021-35324 (A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Fir ...) NOT-FOR-US: TOTOLINK A720R A720R_Firmware CVE-2021-35323 (Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via t ...) - TODO: check + NOT-FOR-US: bludit CVE-2021-35322 RESERVED CVE-2021-35321 @@ -29776,7 +29776,7 @@ CVE-2021-30871 CVE-2021-30870 REJECTED CVE-2021-30869 (A type confusion issue was addressed with improved state handling. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30868 REJECTED CVE-2021-30867 
@@ -29818,57 +29818,57 @@ CVE-2021-30852 CVE-2021-30851 REJECTED CVE-2021-30850 (An access issue was addressed with improved access restrictions. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30849 (Multiple memory corruption issues were addressed with improved memory ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30848 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30847 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30846 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30845 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30844 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30843 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30842 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30841 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30840 RESERVED CVE-2021-30839 RESERVED CVE-2021-30838 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30837 (A memory consumption issue was addressed with improved memory handling ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30836 RESERVED CVE-2021-30835 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30834 RESERVED CVE-2021-30833 RESERVED CVE-2021-30832 (A memory corruption issue was addressed with improved state management ...) 
- TODO: check + NOT-FOR-US: Apple CVE-2021-30831 RESERVED CVE-2021-30830 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30829 (A URI parsing issue was addressed with improved parsing. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30828 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30827 (A permissions issue existed. This issue was addressed with improved pe ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30826 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30825 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30824 RESERVED CVE-2021-30823 @@ -29878,9 +29878,9 @@ CVE-2021-30822 CVE-2021-30821 RESERVED CVE-2021-30820 (A logic issue was addressed with improved
[Git][security-tracker-team/security-tracker][master] lib: add support for data/extended/list in the parsers
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 8959f1b9 by Sylvain Beucler at 2021-10-22T14:55:44+02:00 lib: add support for data/extended/list in the parsers - - - - - 1 changed file: - lib/python/sectracker/parsers.py Changes: = lib/python/sectracker/parsers.py = @@ -383,3 +383,19 @@ def dlalist(path, f): _checkrelease(anns, diag, "DLA") return Bug(path, Header(headerlineno, name, None), tuple(anns)) return _parselist(path, f, parseheader, finish) + +@_xpickle.loader("EXT" + FORMAT) +def extadvlist(path, f): +re_header = re.compile(r'^\[(\d\d) ([A-Z][a-z][a-z]) (\d{4})\] ' ++ r'([A-Z]+-\d+(?:-\d+)?)\s+' ++ r'(.*?)\s*$') +def parseheader(line): +match = re_header.match(line) +if match is None: +return None +return match.groups() +def finish(header, headerlineno, anns, diag): +d, m, y, name, desc = header +_checkrelease(anns, diag, "EXT") +return Bug(path, Header(headerlineno, name, None), tuple(anns)) +return _parselist(path, f, parseheader, finish) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8959f1b99ae05b206b922fd6eadac122b8b0b357 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8959f1b99ae05b206b922fd6eadac122b8b0b357 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
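Review bot: in extadvlist the header regex accepts any advisory id of the form [A-Z]+-\d+(?:-\d+)?, so a DSA or DLA header pasted into data/extended/list would be parsed silently rather than rejected; if the extended list is meant for a particular id prefix, tighten the pattern or have parseheader return None for other prefixes. Also, finish unpacks d, m, y, name, desc but uses only name and passes None as the Header description; either pass desc through or unpack as _, _, _, name, _ so the unused values are explicit.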
[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries for mailman which will be included in next update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 61634db6 by Salvatore Bonaccorso at 2021-10-22T14:31:54+02:00 Remove no-dsa tagged entries for mailman which will be included in next update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -97898,7 +97898,6 @@ CVE-2020-15012 (A Directory Traversal issue was discovered in Sonatype Nexus Rep CVE-2020-15011 (GNU Mailman before 2.1.33 allows arbitrary content injection via the C ...) {DLA-2276-1 DLA-2265-1} - mailman - [buster] - mailman (Minor issue) NOTE: https://bugs.launchpad.net/mailman/+bug/1877379 NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1848 CVE-2020-15010 @@ -105913,7 +105912,6 @@ CVE-2020-12109 (Certain TP-Link devices allow Command Injection. This affects NC CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content ...) {DLA-2276-1 DLA-2204-1} - mailman - [buster] - mailman (Minor issue) NOTE: https://bugs.launchpad.net/mailman/+bug/1873722 NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1844 CVE-2020-12107 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61634db6c71cdc96b6ede1157a2584996da8b8c8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61634db6c71cdc96b6ede1157a2584996da8b8c8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add upstream revision reference for CVE-2020-12108
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5eb108ab by Salvatore Bonaccorso at 2021-10-22T14:04:52+02:00 Add upstream revision reference for CVE-2020-12108 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -105915,6 +105915,7 @@ CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary C - mailman [buster] - mailman (Minor issue) NOTE: https://bugs.launchpad.net/mailman/+bug/1873722 + NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1844 CVE-2020-12107 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command ...) NOT-FOR-US: VPNCrypt CVE-2020-12106 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthe ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5eb108abce2a1f216474a5c6fef209c205febdc0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5eb108abce2a1f216474a5c6fef209c205febdc0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add upstream revision reference for CVE-2020-15011
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7bb3f260 by Salvatore Bonaccorso at 2021-10-22T14:03:10+02:00 Add upstream revision reference for CVE-2020-15011 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -97900,6 +97900,7 @@ CVE-2020-15011 (GNU Mailman before 2.1.33 allows arbitrary content injection via - mailman [buster] - mailman (Minor issue) NOTE: https://bugs.launchpad.net/mailman/+bug/1877379 + NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1848 CVE-2020-15010 RESERVED CVE-2020-15009 (AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe i ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bb3f260f25b792db152034f2026604699e9725a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bb3f260f25b792db152034f2026604699e9725a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-21703 specifically for php7.4
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f3bb474f by Salvatore Bonaccorso at 2021-10-22T12:07:19+02:00 Add Debian bug reference for CVE-2021-21703 specifically for php7.4 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -52309,7 +52309,7 @@ CVE-2021-21704 (In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x CVE-2021-21703 RESERVED - php8.0 - - php7.4 + - php7.4 (bug #997003) - php7.3 - php7.0 NOTE: Fixed in PHP 8.0.12 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3bb474fb909239488c7d945b54a7f2790c2a947 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3bb474fb909239488c7d945b54a7f2790c2a947 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] openjdk-17 fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 28baea18 by Moritz Muehlenhoff at 2021-10-22T11:38:42+02:00 openjdk-17 fixed in sid - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -18151,7 +18151,7 @@ CVE-2021-35604 (Vulnerability in the MySQL Server product of Oracle MySQL (compo - mysql-8.0 - mysql-5.7 CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - - openjdk-17 + - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 CVE-2021-35602 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) @@ -18187,7 +18187,7 @@ CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition CVE-2021-35587 RESERVED CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - - openjdk-17 + - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 CVE-2021-35585 (Vulnerability in the Oracle Incentive Compensation product of Oracle E ...) @@ -18205,7 +18205,7 @@ CVE-2021-35580 (Vulnerability in the Oracle Applications Manager product of Orac CVE-2021-35579 RESERVED CVE-2021-35578 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - - openjdk-17 + - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 CVE-2021-35577 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) @@ -18229,7 +18229,7 @@ CVE-2021-35569 (Vulnerability in the Oracle Applications Manager product of Orac CVE-2021-35568 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2021-35567 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - - openjdk-17 + - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 CVE-2021-35566 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) 
@@ -18238,7 +18238,7 @@ CVE-2021-35565 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition - openjdk-11 11.0.13+8-1 - openjdk-8 CVE-2021-35564 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - - openjdk-17 + - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 CVE-2021-35563 (Vulnerability in the Oracle Shipping Execution product of Oracle E-Bus ...) @@ -18246,13 +18246,13 @@ CVE-2021-35563 (Vulnerability in the Oracle Shipping Execution product of Oracle CVE-2021-35562 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...) NOT-FOR-US: Oracle CVE-2021-35561 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - - openjdk-17 + - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 CVE-2021-35560 (Vulnerability in the Java SE product of Oracle Java SE (component: Dep ...) TODO: doublecheck for more details, Deployment components not part of OpenJDK, only present in Oracle Java CVE-2021-35559 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - - openjdk-17 + - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 CVE-2021-35558 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) @@ -18260,7 +18260,7 @@ CVE-2021-35558 (Vulnerability in the Core RDBMS component of Oracle Database Ser CVE-2021-35557 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2021-35556 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - - openjdk-17 + - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 CVE-2021-3 = data/dsa-needed.txt = 
@@ -33,7 +33,7 @@ linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v4.19.y versions. -- -mailman (carnil) +mailman/oldstable (carnil) -- ndpi/oldstable -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28baea18b828729aedb2131047f72591414d2567 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28baea18b828729aedb2131047f72591414d2567 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
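Review bot: the data/dsa-needed.txt hunk renames "mailman (carnil)" to "mailman/oldstable (carnil)", which is unrelated to the openjdk-17 fixed-version updates described in the commit message; splitting it into its own commit would keep the history searchable for the mailman DSA work.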
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e48cfd81 by Salvatore Bonaccorso at 2021-10-22T10:48:47+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4935,7 +4935,7 @@ CVE-2021-41171 CVE-2021-41170 RESERVED CVE-2021-41169 (Sulu is an open-source PHP content management system based on the Symf ...) - TODO: check + NOT-FOR-US: Sulu CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown parser used ...) TODO: check CVE-2021-41167 (modern-async is an open source JavaScript tooling library for asynchro ...) @@ -5027,7 +5027,7 @@ CVE-2021-41129 (Pterodactyl is an open-source game server management panel built CVE-2021-41128 (Hygeia is an application for collecting and processing personal and ca ...) NOT-FOR-US: Hygeia CVE-2021-41127 (Rasa is an open source machine learning framework to automate text-and ...) - TODO: check + NOT-FOR-US: Rasa CVE-2021-41126 (October is a Content Management System (CMS) and web platform built on ...) NOT-FOR-US: October CMS CVE-2021-41125 (Scrapy is a high-level web crawling and scraping framework for Python. ...) @@ -5984,7 +5984,7 @@ CVE-2021-40721 (Adobe Connect version 11.2.2 (and earlier) is affected by a refl CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization o ...) NOT-FOR-US: Adobe CVE-2021-40719 (Adobe Connect version 11.2.2 (and earlier) is affected by a Deserializ ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-40718 RESERVED CVE-2021-40717 
@@ -9135,17 +9135,17 @@ CVE-2021-3731 (LedgerSMB does not sufficiently guard against being wrapped by ot - ledgersmb 1.6.9+ds-2.1 (bug #992817) NOTE: https://ledgersmb.org/cve-2021-3731-clickjacking CVE-2021-39357 (The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39356 (The Content Staging WordPress plugin is vulnerable to Stored Cross-Sit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39355 (The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross ...) NOT-FOR-US: WordPress plugin CVE-2021-39354 (The Easy Digital Downloads WordPress plugin is vulnerable to Reflected ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39353 RESERVED CVE-2021-39352 (The Catch Themes Demo Import WordPress plugin is vulnerable to arbitra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39351 (The WP Bannerize WordPress plugin is vulnerable to authenticated SQL i ...) NOT-FOR-US: WordPress plugin CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable to Refle ...) @@ -9153,7 +9153,7 @@ CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable to CVE-2021-39349 (The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2021-39348 (The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...) NOT-FOR-US: WordPress plugin CVE-2021-39346 
@@ -9193,7 +9193,7 @@ CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to St CVE-2021-39329 (The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scr ...) NOT-FOR-US: WordPress plugin CVE-2021-39328 (The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to sensitive i ...) NOT-FOR-US: WordPress plugin CVE-2021-39326 @@ -9207,7 +9207,7 @@ CVE-2021-39323 CVE-2021-39322 (The Easy Social Icons plugin = 3.0.8 for WordPress echoes out the ...) NOT-FOR-US: WordPress plugin CVE-2021-39321 (Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerabl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39320 (The underConstruction plugin = 1.18 for WordPress echoes out the r ...) NOT-FOR-US: WordPress plugin CVE-2021-39319 @@ -15146,7 +15146,7 @@ CVE-2021-36871 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vul CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...) NOT-FOR-US: Wordpress plugin CVE-2021-36869 (Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-36868 RESERVED CVE-2021-36867 @@ -21063,7 +21063,7 @@ CVE-2021-34363 (The thefuck (aka The Fuck) package
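Review bot: in the @@ -15146 hunk CVE-2021-36869 is set to `NOT-FOR-US: WordPress plugin`, while the unchanged context line directly above it for CVE-2021-36870 reads `NOT-FOR-US: Wordpress plugin`; normalising that neighbour to the `WordPress plugin` spelling used everywhere else in this change keeps the NFU reasons greppable and consistent.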
[Git][security-tracker-team/security-tracker][master] Add two more libstb issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f3ac4221 by Salvatore Bonaccorso at 2021-10-22T10:41:46+02:00 Add two more libstb issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -230,9 +230,16 @@ CVE-2021-3894 CVE-2021-42717 RESERVED CVE-2021-42716 (An issue was discovered in stb stb_image.h 2.27. The PNM loader incorr ...) - TODO: check + - libstb + NOTE: https://github.com/nothings/stb/issues/1166 + NOTE: https://github.com/nothings/stb/issues/1225 + NOTE: https://github.com/nothings/stb/pull/1223 + TODO: check libstb itself, and various packages embedd a copy CVE-2021-42715 (An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR ...) - TODO: check + - libstb + NOTE: https://github.com/nothings/stb/issues/1224 + NOTE: https://github.com/nothings/stb/pull/1223 + TODO: check libstb itself, and various packages embedd a copy CVE-2021-42714 RESERVED CVE-2021-42713 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3ac422172c78ecd0cbfcf5c4a708f46b229e0be
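Review bot: both added `TODO: check libstb itself, and various packages embedd a copy` lines misspell "embed", and the TODO would be more actionable if it named the embedding packages once they are identified; since the same upstream pull request https://github.com/nothings/stb/pull/1223 is referenced under both CVE-2021-42716 and CVE-2021-42715, the fixed-version decision for libstb can be made for the two entries together.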
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 413c5ffb by security tracker role at 2021-10-22T08:10:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,41 @@ +CVE-2021-42812 + RESERVED +CVE-2021-42811 + RESERVED +CVE-2021-42810 + RESERVED +CVE-2021-42809 + RESERVED +CVE-2021-42808 + RESERVED +CVE-2021-42807 + RESERVED +CVE-2021-42806 + RESERVED +CVE-2021-42805 + RESERVED +CVE-2021-42804 + RESERVED +CVE-2021-42803 + RESERVED +CVE-2021-42802 + RESERVED +CVE-2021-42801 + RESERVED +CVE-2021-42800 + RESERVED +CVE-2021-42799 + RESERVED +CVE-2021-42798 + RESERVED +CVE-2021-42797 + RESERVED +CVE-2021-42796 + RESERVED +CVE-2021-42795 + RESERVED +CVE-2021-42794 + RESERVED CVE-2021-42793 RESERVED CVE-2021-42792 @@ -4889,10 +4927,10 @@ CVE-2021-41171 RESERVED CVE-2021-41170 RESERVED -CVE-2021-41169 - RESERVED -CVE-2021-41168 - RESERVED +CVE-2021-41169 (Sulu is an open-source PHP content management system based on the Symf ...) + TODO: check +CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown parser used ...) + TODO: check CVE-2021-41167 (modern-async is an open source JavaScript tooling library for asynchro ...) TODO: check CVE-2021-41166 @@ -4981,8 +5019,8 @@ CVE-2021-41129 (Pterodactyl is an open-source game server management panel built NOT-FOR-US: Pterodactyl CVE-2021-41128 (Hygeia is an application for collecting and processing personal and ca ...) NOT-FOR-US: Hygeia -CVE-2021-41127 - RESERVED +CVE-2021-41127 (Rasa is an open source machine learning framework to automate text-and ...) + TODO: check CVE-2021-41126 (October is a Content Management System (CMS) and web platform built on ...) NOT-FOR-US: October CMS CVE-2021-41125 (Scrapy is a high-level web crawling and scraping framework for Python. ...) 
@@ -5938,8 +5976,8 @@ CVE-2021-40721 (Adobe Connect version 11.2.2 (and earlier) is affected by a refl NOT-FOR-US: Adobe CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization o ...) NOT-FOR-US: Adobe -CVE-2021-40719 - RESERVED +CVE-2021-40719 (Adobe Connect version 11.2.2 (and earlier) is affected by a Deserializ ...) + TODO: check CVE-2021-40718 RESERVED CVE-2021-40717 
@@ -9089,26 +9127,26 @@ CVE-2021-3731 (LedgerSMB does not sufficiently guard against being wrapped by ot {DSA-4962-1} - ledgersmb 1.6.9+ds-2.1 (bug #992817) NOTE: https://ledgersmb.org/cve-2021-3731-clickjacking -CVE-2021-39357 - RESERVED -CVE-2021-39356 - RESERVED +CVE-2021-39357 (The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2021-39356 (The Content Staging WordPress plugin is vulnerable to Stored Cross-Sit ...) + TODO: check CVE-2021-39355 (The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross ...) NOT-FOR-US: WordPress plugin -CVE-2021-39354 - RESERVED +CVE-2021-39354 (The Easy Digital Downloads WordPress plugin is vulnerable to Reflected ...) + TODO: check CVE-2021-39353 RESERVED -CVE-2021-39352 - RESERVED +CVE-2021-39352 (The Catch Themes Demo Import WordPress plugin is vulnerable to arbitra ...) + TODO: check CVE-2021-39351 (The WP Bannerize WordPress plugin is vulnerable to authenticated SQL i ...) NOT-FOR-US: WordPress plugin CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable to Refle ...) NOT-FOR-US: WordPress plugin -CVE-2021-39349 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting ...) +CVE-2021-39349 (The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site ...) NOT-FOR-US: WordPress plugin -CVE-2021-39348 - RESERVED +CVE-2021-39348 (The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scr ...) + TODO: check CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...) NOT-FOR-US: WordPress plugin CVE-2021-39346 
@@ -9147,8 +9185,8 @@ CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to St NOT-FOR-US: WordPress plugin CVE-2021-39329 (The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scr ...) NOT-FOR-US: WordPress plugin -CVE-2021-39328 - RESERVED +CVE-2021-39328 (The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Si ...) + TODO: check CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to sensitive i ...) NOT-FOR-US: WordPress plugin CVE-2021-39326 @@ -9161,8 +9199,8 @@ CVE-2021-39323 RESERVED
[Git][security-tracker-team/security-tracker][master] CVE-2021-42762/webkit2gtk fixed in unstable via 2.34.1
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e0ccabc7 by Salvatore Bonaccorso at 2021-10-22T09:05:50+02:00 CVE-2021-42762/webkit2gtk fixed in unstable via 2.34.1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -64,7 +64,7 @@ CVE-2021-42764 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 202 CVE-2021-42763 RESERVED CVE-2021-42762 (BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allow ...) - - webkit2gtk + - webkit2gtk 2.34.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit NOTE: https://bugs.webkit.org/show_bug.cgi?id=231479 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0ccabc706f2067b733db36ede328851939c19be
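Review bot: the hunk records `- webkit2gtk 2.34.1-1` but leaves `- wpewebkit` unversioned even though the description line states that WPE WebKit before 2.34.1 is affected; if no fixed wpewebkit upload exists yet the open entry is correct, otherwise its fixed version belongs in the same commit so both packages are tracked consistently for CVE-2021-42762.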